Remote work keeps driving network innovation
The Covid-19 pandemic drove a wide swath of the economy into work-from-home and hybrid environments, and now many corporations are pushing employees to come back to the office full time. In a recent ResumeBuilder survey of 1,000 corporate decision makers, 90% of respondents said their company will institute, or already has instituted, return-to-office policies.

Many employees are pushing back, however, and arguing that remote work has made them more productive, less stressed out, and better able to balance work-life commitments. In a Cisco survey of 28,000 full-time employees, 78% of respondents said that remote and hybrid work improved their overall well-being. If employers insist on forcing workers back to the office, many say they would rather quit than comply.

No matter how the corporate office vs. home office battle plays out, the enterprise edge will never go back to the way it was, and enterprise networking and security teams need to find innovative ways to provide security across IoT networks, mobile workforces, and multicloud deployments.

New networking approaches needed

One advantage of legacy architectures was that they limited where traffic could come into an enterprise network. As the cloud and SaaS displaced traditional on-premises applications, workers and workloads were distributed across multiple geographic regions.

“The vast increase in entry points into the network requires a special kind of innovation, not just point solutions that solve specific problems in the enterprise network, but innovation constituting a rethinking of the enterprise network,” said Ramesh Prabagaran, CEO of Prosimo, a multi-cloud networking startup.

Kelly Ahuja, CEO of SASE vendor Versa Networks, also pinpoints the ever-expanding edge as the source of numerous problems.
“The importance of delivering a seamless and consistent user-to-application experience over a secure connection from anywhere will be a focus for every cloud-first IT organization,” he said. “Enterprises are aggressively shifting workloads to multiple clouds and adopting SaaS. Employees need access to these workloads from everywhere, but access and tools vary greatly depending on location.”

Both Prabagaran and Ahuja point to the traditional OSI stack as an outdated impediment to innovation and say the stack must be reimagined to meet current and evolving threats.

“Innovation on the existing network architecture paradigm will require networking, user experience, security, and cost functions to be blended. The seven-layer architecture accompanied by dozens of stakeholders in IT won’t work,” Prabagaran said. “True innovation will be in the stack, and it will be centered around the work done by network architects to harmonize all these demands into a new single network layer for experience, security and connectivity, and cost management. While there’s certainly a place for innovative point solutions, this rethinking is required before AIOps or any innovative networking solution can be deployed.”

Ahuja believes that the next wave of enterprise networking innovation will focus on integrating security features into the networking stack, giving enterprises the ability to provide “granular and posture-based access to protect the business.”

“The network is not one network – it’s the LAN, WAN, and data center,” Ahuja said. Each of those networks could contain some combination of Ethernet, Wi-Fi, MPLS, wireline broadband, etc.
Meanwhile, extending security beyond traditional perimeter protections involves complicated trade-offs that often negatively impact the end-user experience.

“Enterprises need a new approach that delivers security built into the network, so protection can happen at every edge (LAN, WAN, cloud), threats are detected and dealt with instantaneously at every edge, and a user/app-aware network can deliver the right experience,” he added.

The perimeter is gone forever

Startups Airgap Networks and Graphiant argue that networking and security must be more tightly integrated in order to meet modern security challenges. Whether workers are in the office or not is beside the point. The traditional corporate perimeter has been obliterated, and it’s not coming back.

“Using the internet for connectivity is the core problem. To fix the business internet, we need to replace the connectivity component with something better,” said Khalid Raza, Graphiant CEO and founder. Raza says networking paradigms that extend the edge but require specialized tunnels for every connection only offer Band-Aid protection against modern threats, and they cannot possibly scale to meet challenges like remote work and IoT.

Ritesh Agrawal, CEO of Airgap Networks, agrees that the expanding corporate perimeter shines a spotlight on the deficiencies of traditional architectures. “We will continue to see the boundary of the data center pushed outward towards the end-user environment. This not only includes traditional employees, but even bigger risks such as enterprises granting third-party support personnel access to critical infrastructure,” he said.

In certain settings, such as with contract manufacturers, the manufacturer may not own any of the equipment.
Their customers own it and require access through the manufacturer’s network, opening a poorly guarded backdoor for attackers.

Airgap Networks says the best way to innovate around enterprise networking and security is to apply the tried-and-true network segmentation methods that telcos use to protect their mobile networks to the enterprise LAN and WAN.

Graphiant believes that complexity is the Achilles’ heel of enterprise networking. The sprawling edge and ongoing cloud migrations have made enterprise networking hopelessly complex and riddled with vulnerabilities. Graphiant offers a service that looks similar to SD-WAN or SASE, but eliminates complex overlays.

Graphiant’s “label-switched network” separates WAN data and control planes and optimizes traffic delivery across its backbone based on policies set by users. The network architecture combines SD-WAN-like cloud-based routing and control with a proprietary metadata protocol.

Other SD-WAN and SASE vendors, including Cato Networks, Palo Alto Networks, Versa Networks, and Zscaler, have also been innovating around ways to marry zero-trust security with various SDx services, and they all attempt to tame complexity by integrating more networking and security functions into their services, hoping to create one-stop-shop platforms that allow customers to move away from complicated multi-vendor deployments.

What the Okta and MGM breaches teach us

Agrawal says the recent Okta breach shows the dangers of networking designs that require complicated tunnel overlays. In the January 2022 attack, hackers from the group LAPSUS$ gained remote access to Okta’s internal systems through a jump server that was used to provide access to a third party, customer-support provider Sitel.
From there, the attacker was able to access unencrypted customer credentials.

In 2023, Okta suffered another breach, which was eerily similar to the 2022 breach, exposing yet more customer credentials and again causing headaches for Okta customers.

Another example of the expanding perimeter undermining security is the recent ransomware attack on MGM Resorts International. Attackers gained access to MGM’s internal networks by impersonating an employee. Via the employee’s LinkedIn account, they were able to trick MGM’s help desk into helping them recover the “lost” credentials of their target. Once inside the network, attackers infected MGM’s systems with ransomware that impacted a range of business-critical systems, forcing the casino to shut down everything from ATMs to casino gaming machines to hotel keycard systems. The attack disrupted MGM operations for at least 10 days.

In contrast, Agrawal explained that when ransomware hits a telco network, it quickly hits a dead end because mobile networks are segmented in a way that makes it difficult for malware to spread from device to device.

To bring that principle to the enterprise, Airgap has developed a ransomware kill switch which eliminates lateral movement with a single click in the security dashboard. The startup has also recently launched a disposable jump box service, which eliminates the threat of having a single jump server that everyone uses to connect to the central network.

How quantum computing and satellite connectivity could help

Many networking vendors have started to integrate tools like AI and machine learning into their services to help with routing and policy enforcement. Other vendors are kicking the tires on emerging technologies like quantum cryptography.

Karl Horne, vice president of cloud solutions at satellite operator SES, cautions that in much of the world, delivering reliable, business-class connectivity will still be a challenge.
“With remote work here to stay, we have seen enterprises hire people located all over the world, and some of them live in rural, semi-urban, or even urban places where network connectivity is not constantly stable,” he said.

Horne argues that recent advances in satellite-delivered broadband are pushing it into the mainstream. The importance of Starlink to both Ukraine and Taiwan as they face down hostile neighbors is proving that satellite-based Internet can provide mission-critical connectivity even under harsh battlefield conditions.

Horne believes that as satellite Internet develops better interoperability with terrestrial networks, it could well help cement work-from-anywhere in place. “Recent innovations in satellites in the last decade are delivering high-performance connectivity that can easily help extend existing terrestrial networks to ensure more people in remote areas can do their everyday jobs effectively,” he said.

Connecting people in remote locations in a safe and secure manner will remain a challenge, even with broad, space-based coverage. But could quantum encryption change that?

“Introducing quantum principles into networking is not just an upgrade; it’s a revolution,” said Mike Anderson, chief digital and information officer for Netskope, a SASE provider. Anderson believes the ability to protect all data transmitted over an enterprise network with quantum encryption would be a game-changer. “This isn’t just about speed or efficiency; it’s about reimagining network security and data processing from the ground up,” he said.

Quantum encryption would not only redefine data security, but also could open new avenues for digital innovation. “This would make current networks look like dial-up Internet in comparison,” Anderson said. “While we’re still in the early days of quantum computing and networking, the momentum is building.
Leading tech firms and research institutions are investing billions into quantum research.”